This is an alternative DHCP client, the ISC DHCP client for Linux. Like
"dhcpcd" (the client that is installed by default), it can be used to
configure the network setup. IP address, hostname, routing,
nameserver, netmask, and broadcast can be dynamically assigned while
booting the machine.
It is configurable via the configuration file /etc/dhclient.conf and
you can define your own 'hooks' to be used by the /sbin/dhclient-script
(which is called by the daemon).
Authors:
--------
Internet Systems Consortium, Inc. <info@isc.org>

License

BSD3c(or similar)

Changelog

* Fri Sep 30 2011 coolo@suse.com
- add libtool as buildrequire to make the spec file more reliable
* Tue Sep 06 2011 mt@suse.com
- Commented out all configuration examples in /etc/dhcpd.conf and
dhcp6.conf (bnc#715473).
- Enabled dhcp6.rapid-commit in /etc/dhclient6.conf config file.
- Removed useless provides/obsoletes from spec file.
* Wed Aug 31 2011 mt@suse.com
- Set the DHCPD_CONF_INCLUDE_FILES and the DHCPD6_CONF_INCLUDE_FILES
variables to /etc/dhcpd.d and /etc/dhcpd6.d by default, so there
are well-defined directories expected to contain additional config
files (bnc#690585).
* Mon Aug 29 2011 mt@suse.de
- Updated to ISC dhcp-4.2.2 release, providing two security fixes
(CVE-2011-2748,CVE-2011-2749,[ISC-Bugs #24960],bnc#712653), that
allowed remote attackers to cause a denial of service (a daemon
exit) via crafted BOOTP packets. Further also DNS update fix to
detect overlapping pools or misconfigured fixed-address entries,
that caused a server crash during DNS update and other fixes.
For a complete list, please see the RELNOTES file provided in
the package and also available online at http://www.isc.org/.
- Merged/adopted dhclient option-checks, send-hostname-rml, ldap
patch, xen-checksum, close-on-exec patches and removed obsolete
in6_pktinfo-prototype and relay-no-ip-on-interface patches.
- Moved server pid files into chroot directory even chroot is
not used and create a link in /var/run, so it can write one
when started as user without chroot and avoid stop problems
when the chroot sysconfig setting changed (bnc#712438).
- Disabled log-info level messages in dhclient(6) quiet mode to
avoid excessive logging of non-critical messages (bnc#711420).
- Fixed dhclient-script to not remove alias IP when it didn't
changed to not wipe out iptables connmark when renewing the
lease (bnc#700771). Thanks to James Carter for the patch.
- Fixed DDNS-howto.txt reference in the config file; it has been
moved to the dhcp-doc package (bnc#697279).
- Removed GPL licensed files (bind-*/contrib/dbus) from bind.tgz
to ensure, they're not used to build non-GPL dhcp (bnc#714004).
- Changed to apply strict-aliasing/RELRO for >= 12.x only
* Wed Jul 20 2011 crrodriguez@opensuse.org
- Correct previous change.
* Wed Jul 20 2011 crrodriguez@opensuse.org
- THis is a long running network daemon, link with
full RELRO security enhancements.
- remove -fno-strict-aliasing from CFLAGS, no longer needed.
* Tue May 17 2011 crrodriguez@opensuse.org
- Import redhat's patch to open all needed FDs with O_CLOEXEC
so they dont leak.
* Thu May 12 2011 mt@suse.de
- Removed obsolete sles8 compatibility dependencies, fixed
to avoid non-functional sles_version conditionals.
* Tue May 10 2011 mt@suse.de
- Fixed to not introduce separate dhcp-doc package on sles,
use versioned provides/obsoletes, improved conditionals.
* Tue May 03 2011 mt@suse.de
- Fixed dhclient-script typo causing ISC DHCPv6 client to execute
ifup pre-down scripts also while renew, when the ipv6 address
did not changed (bnc#690859).
* Fri Apr 29 2011 mt@suse.de
- Implemented optional ldap connect retry loop during the initial
startup of the dhcp server in cases where the ldap server is not
yet started. Set the ldap-init-retry <num> option in dhcpd.conf
to enable it (bnc#627617). Merged in the actual ldap patch.
- Cleaned up init script error reporting, no -TERM for killproc.
* Wed Apr 27 2011 mt@suse.de
- Updated to ISC dhcp-4.2.1-P1 release, that provides most of the
dhclient pretty escape and string option checks. Merged to use
relaxed domain-name option check causing a regression, when the
server is misusing it to provide a domain list (compatibility to
attic clients) and does not provide it via domain-search option;
pretty escape semicolon as well (bnc#675052, CVE-2011-0997).
* Thu Mar 31 2011 mt@suse.de
- Discard string options such as host and domain names containing
disallowed characters or beeing too long. This proctive patch
limits root-path to a-zA-Z0-9, #%+-_:.,@~/\[]= and a space
(bnc#675052, CVE-2011-0997).
* Thu Mar 31 2011 mt@suse.de
- Updated to ISC DHCP 4.2.1 release (bnc#680298), that provides
following fixes (digest):
* Several fixes to OMAPI, cleanup of dereferenced pointers in
the omapi handle, handling of pipe failures and status code
in omapi signal handler that may cause connect failure and
100% CPU use.
* Handle some DDNS corner cases better
* Several fixes to lease input and output
* Corrected side effect of printing all data strings as hex.
* Host record references leaks causing applying config to all
innocent clients.
* Memory leak when parsing a domain name
* Fixes to configuration parsing including infinite loop.
* Fixed for unexpected abort caused by a DHCPv6 decline.
For the complete list see the RELNOTES file, that is available
also online at http://ftp.isc.org/isc/dhcp/dhcp-4.2.1-RELNOTES.
- Removed obsolete optional-value-infinite-loop, no-libcrypto
and CVE-2011-0413.bnc667655 patches.
- Merged the dhclient-send-hostname and ldap patches.
* Mon Feb 21 2011 mt@suse.de
- dhclient-script: fixed typo causing that only global settings
to set hostname and default route were applied for primary
and never per interface settings (bnc#673792).
* Fri Feb 18 2011 mt@suse.de
- Added dhcp-4.2.0-xen-checksum.patch by David Cantrell to handle
xen partial UDP checksums (bnc#668194).
* Wed Feb 02 2011 mt@suse.de
- Applied security fix for unexpected abort caused by a DHCPv6
decline message (CVE-2011-0413, VU#686084, bnc#667655).
- Fixed dhclient.conf to request the domain-search option.
* Mon Dec 13 2010 mt@suse.de
- Updated to ISC DHCP 4.2.0-P2, a security release fixing the
handling of connection requests on the failover port.
Previously a connection request from a source that wasn't
listed as a failover peer would cause the server to become
non-responsive. ([ISC-Bugs #22679] CERT: VU#159528 CVE:
CVE-2010-3616, bnc#659059).
* Tue Dec 07 2010 mt@suse.de
- Enable ldap CASA support on SLE only.
* Tue Nov 30 2010 mt@suse.de
- Fixed to use same/correct dhcrelay6 interface variables in the
sysconfig file and in the dhcrelay6 init script.
* Mon Nov 29 2010 mt@suse.de
- Updated to ISC DHCP 4.2.0-P1 release, providing a security fix to
handle a relay forward message with an unspecified address in the
link address field. Previously such a message would cause the
server to crash. Thanks to a report from John Gibbons.
[ISC-Bugs #21992] CERT: VU#102047 CVE: CVE-2010-3611 (bnc#650902)
The 4.2.0 version is a feature release, implementing asynchronous
DDNS processing and includes "The LDAP Patch".
For a complete list of changes from any previous release, please
consult the RELNOTES file within the source distribution or on
the ISC website: http://www.isc.org/software/dhcp/420
- Fixed compilation to avoid segfaults as soon as ldap is enabled,
merged our ldap patches from 4.1.x branch.
* Tue Nov 02 2010 mt@suse.de
- Fixed a dhcrelay segfault while receiving packets on interfaces
without any IPv4 address assigned (bnc#631305, reported upsteam
as [ISC-Bugs #22409]).
- Fixed a common infinite loop while parsing options with optional
parts in the value such as in slp-service-scope option (bnc#643845,
reported upsteam as [ISC-Bugs #22410]).
- Fixed init scripts to report correct LSB codes in status action,
when the config file or the binary do not exists (bnc#640336).
- Fixed syntax of a check in the rcdhcrelay[6] (bnc#648580)
- Avoid pid check error message in the rcdhcpd[6] (bnc#646875)
* Wed Sep 29 2010 mt@suse.de
- Fixed server lease file path in contrib/listlease and leasestate
changed to extract contrib and examples using setup macro.
* Wed Aug 04 2010 mt@suse.de
- Renamed rfc3442-classless-static-routes_raw in /etc/dhclient.conf
to rfc3442-classless-static-routes for compatibility with the
NetworkManager making use of /etc/dhclient.conf now and adopted
/sbin/dhclient-script (bnc#625770).
* Tue Jul 27 2010 mt@suse.de
- Fixed ldap option number conflicting with new options (bnc#625358)
* Fri Jul 02 2010 mt@suse.de
- Added a fix for an lpf bind error messages making it easier to
localize problems (bnc#617795)
* Mon Jun 14 2010 mt@suse.de
- Updated to ISC DHCP 4.1.1-P1 patch release, which contains
a pair of bug fixes including one for a security related bug
(bnc#612546, CVE-2010-2156):
* A bug was fixed that could cause the DHCPv6 server to
advertise/assign a previously allocated (active) lease to a
client that has changed subnets, despite being on different
shared networks. Dynamic prefixes specifically allocated in
shared networks also now are not offered if the client has
moved. [ISC-Bugs #21152]
* Accept a client id of length 0 while hashing. Previously the
server would exit if it attempted to hash a zero length client
id, providing attackers with a simple denial of service attack.
[ISC-Bugs #21253]
* Tue May 18 2010 mt@suse.de
- Added rc.dhcrelay6 as source in the spec file
* Tue May 11 2010 mt@suse.de
- Fixed dhcprelay scripts to source sysconfig file correctly
- Fixed spec file typo in arping path require, enabled ldap
- Fixed a dhclient option name and new/old ip address check
* Fri May 07 2010 mt@suse.de
- Updated to ISC DHCP 4.1.1, the current 4.x series production
release, providing DHCPv6 client/server/relay implementation.
The programs act in DHCPv6 mode, when the -6 start option is set.
We install separate init scripts with a 6 at the end to handle
them, that is /etc/init.d/dhcpd6 and dhrelay6. Further, there is
also a link to the binaries with a 6 at the end, e.g. dhclient6,
making it visible, that the installed version supports DHCPv6.
- Moved additional documentation to a separate dhcp-doc package.
- Changed to provide config files and scripts as source files
instead of patches to the ISC scripts.
- Adopted spec file and config/scripts, merged in all patches.
- Implemented RFC 3442 classless static routes support in the
dhclient-script (bnc#555870).
* Thu Apr 29 2010 mt@suse.de
- Updated to ISC DHCP 3.1-ESV, an extended support version release
which includes a small number of bug fixes (bnc#592178) over the
3.1.3 version:
* Modified the handling of a connection to avoid releasing the
omapi io object for the connection while it is still in use.
One symptom from this error was a segfault when a failover
secondary attempted to connect to the failover primary if
their clocks were not synchronized.
* Fix test in dhcp_interface_signal_handler to check that the
inner handler has a signal_handler before calling it.
* When using 'ignore client-updates;', the FQDN returned to the
client is no longer truncated to one octet.
* Clean up some compiler warnings - ticket 19054.
- Fixed vlan interface check in dhcpd-restart-hook if-up.d script
(bnc#599702)
- Touch dhclient.leases in post-install script instead to provide
an empty file, versioned provides/obsoletes (rpmlint warnings).
* Fri Mar 12 2010 mt@suse.de
- Fixed dhclient-script to call ifup -o dhcp and signal "complete"
to ifup when all configuration is done (bnc#585380,bnc#518219).
* Thu Jan 07 2010 jengelh@medozas.de
- Enable parallel building
- Use large PIE model on all SPARC flavors
* Mon Dec 14 2009 mt@suse.de
- Fixed dhclient-script to use correct sysconfig run dir path
to not to break the defaultroute/hostname setup (bnc#555095).
- Don't request any specific lease-time by default (bnc#516459).
* Fri Oct 16 2009 mt@suse.de
- Fixed dhclient-script to forward new_domain_search as DNSSEARCH
to netconfig.
* Tue Oct 13 2009 mt@suse.de
- Updated to dhcp-3.1.3 maintenance release fixing several issues
(a digest, see RELNOTES for the complete list):
* Remove infinite loop in token_print_indent_concat().
* A parser bug was fixed that segfaulted if site-option-space
was tried to be used interchangeably with vendor-option-space.
* Two uninitialized stack structures are now memset to zero,
thanks to patch from David Cantrell at Red Hat.
* Memory leak in the load_balance_mine() function is fixed. This
would leak ~20-30 octets per DHCPDISCOVER packet while failover
was in use and in normal state.
* Fixed setting hostname in Linux hosts that require hostname
argument to be double-quoted. Also allow server-provided
hostname to override hostnames 'localhost' and '(none)'.
* Added client support for setting interface MTU and metric,
thanks to Roy "UberLord" Marples <roy@marples.name>.
* Fixed failover reconnection retry code to continue to retry to
reconnect rather than restarting the listener.
* Fixed a bug where an OMAPI socket disconnection message would
not result in scheduling a failover reconnection, if the link
had not negotiated a failover connect yet (e.g.: connection
refused, asynch socket connect() timeouts).
* Versions 3.0.x syntax with multiple name->code option
definitions is now supported. Note that, similarly to 3.0.x,
for by-code lookups only the last option definition is used.
* Fixed a fenceposting bug when a client had two host records
configured, one using 'uid' and the other using 'hardware
ethernet'. CVE-2009-1892
- Updated to dhcp-3.1.3-ldap-patch-mt-01 including previous fixes.
- Merged dhclient script, removed obsolete CVE-2009-1892 fix.
* Tue Sep 29 2009 mt@suse.de
- Replaced mt-02 ldap patch from old git repository with equivalent
one (dhcp-3.1.2p1-ldap-patch-mt-02) from a new repository with
fixed patch history (http://www.suse.de/~mt/git/dhcp-ldap.git/).
* Wed Aug 12 2009 mt@suse.de
- Added dhcpd-restart-hook if-up.d script that restarts dhcp server
while network restart when a virtual interfaces as bridge, bond
or vlan goes up again (bnc#517810).
* Wed Jul 29 2009 mt@suse.de
- Applied fix for a dhcp client id DoS (CVE-2009-1892, bnc#519413).
* Wed Jul 29 2009 mt@suse.de
- Updated to dhcp-3.1.2p1 maintenance release fixing following
issues:
* A stack overflow vulnerability was fixed in dhclient that could
allow remote attackers to execute arbitrary commands as root on
the system, or simply terminate the client, by providing an
over-long subnet-mask option.
* A double-dereference in dhclient transmission of DHCPDECLINEs
was repaired.
* Fix handling of -A and -a flags in dhcrelay; it was failing
to expand packet size as needed to add relay agent options.
* Corrected list of failover state values in dhcpd man page.
* Fixed a bug that caused some request types to be logged
incorrectly.
* Fixed a coredump when adding a class via OMAPI.
* Clients that sent a parameter request list containing the
routers option before the subnet mask option were receiving
only the latter. Fixed.
* The server wasn't always sending the FQDN option when it should.
* A partner-down failover server no longer emits 'peer holds all
free leases' if it is able to newly-allocate one of the peer's
leases.
* A cosmetic bug in DHCPDECLINE processing was fixed which caused
all successful DHCPDECLINEs to be logged as "not found" rather
than "abandoned".
* Some failover debugging #defines have been better defined and
some high frequency messages moved to a deeper debugging symbol.
* The CLTT parameter in failover is now only updated by client
activity, and not by failover binding updates.
* Failover BNDUPD messages are now discarded if they conflict with
an update that has been trasnmitted, but not acknowledged.
* A bug cleaning up unknown-xxx temporary option definitions was
fixed.
- Removed obsolete dhclient-no-dereference-twice patch
- Improved dhclient-script to apply global dhcp settings, when
there is no interface config (bnc#480922).
- Enabled casa support in dhcp-ldap for >= sles 10 and => 11.1.
- Updated dhcp-3.1.2p1-ldap-patch-mt.11.2-02 merging all patches
flying around -- see http://www.suse.de/~mt/git/dhcp-ldap.git
and the git changelog at the begin of the patch.